Visible to the public Biblio

Found 8018 results

Yang, Kun, Forte, Domenic, Tehranipoor, Mark M..  2017.  CDTA: A Comprehensive Solution for Counterfeit Detection, Traceability, and Authentication in the IoT Supply Chain. ACM Transactions on Design Automation of Electronic Systems (TODAES). 22:42:1-42:31.
The Internet of Things (IoT) is transforming the way we live and work by increasing the connectedness of people and things on a scale that was once unimaginable. However, the vulnerabilities in the IoT supply chain have raised serious concerns about the security and trustworthiness of IoT devices and components within them. Testing for device provenance, detection of counterfeit integrated circuits (ICs) and systems, and traceability of IoT devices are challenging issues to address. In this article, we develop a novel radio-frequency identification (RFID)-based system suitable for counterfeit detection, traceability, and authentication in the IoT supply chain called CDTA. CDTA is composed of different types of on-chip sensors and in-system structures that collect necessary information to detect multiple counterfeit IC types (recycled, cloned, etc.), track and trace IoT devices, and verify the overall system authenticity. Central to CDTA is an RFID tag employed as storage and a channel to read the information from different types of chips on the printed circuit board (PCB) in both power-on and power-off scenarios. CDTA sensor data can also be sent to the remote server for authentication via an encrypted Ethernet channel when the IoT device is deployed in the field. A novel board ID generator is implemented by combining outputs of physical unclonable functions (PUFs) embedded in the RFID tag and different chips on the PCB. A light-weight RFID protocol is proposed to enable mutual authentication between RFID readers and tags. We also implement a secure interchip communication on the PCB. Simulations and experimental results using Spartan 3E FPGAs demonstrate the effectiveness of this system. The efficiency of the radio-frequency (RF) communication has also been verified via a PCB prototype with a printed slot antenna.
Xuefeng, He, Chi, Zhang, Yuewu, Jing, Xingzheng, Ai.  2019.  Risk Evaluation of Agricultural Product Supply Chain Based on BP Neural Network. 2019 16th International Conference on Service Systems and Service Management (ICSSSM). :1–8.
The potential risk of agricultural product supply chain is huge because of the complex attributes specific to it. Actually the safety incidents of edible agricultural product emerge frequently in recent years, which expose the fragility of the agricultural product supply chain. In this paper the possible risk factors in agricultural product supply chain is analyzed in detail, the agricultural product supply chain risk evaluation index system and evaluation model are established, and an empirical analysis is made using BP neural network method. The results show that the risk ranking of the simulated evaluation is consistent with the target value ranking, and the risk assessment model has a good generalization and extension ability, and the model has a good reference value for preventing agricultural product supply chain risk.
Xue, Hong, Wang, Jingxuan, Zhang, Miao, Wu, Yue.  2019.  Emergency Severity Assessment Method for Cluster Supply Chain Based on Cloud Fuzzy Clustering Algorithm. 2019 Chinese Control Conference (CCC). :7108–7114.
Aiming at the composite uncertainty characteristics and high-dimensional data stream characteristics of the evaluation index with both ambiguity and randomness, this paper proposes a emergency severity assessment method for cluster supply chain based on cloud fuzzy clustering algorithm. The summary cloud model generation algorithm is created. And the multi-data fusion method is applied to the cloud model processing of the evaluation indexes for high-dimensional data stream with ambiguity and randomness. The synopsis data of the emergency severity assessment indexes are extracted. Based on time attenuation model and sliding window model, the data stream fuzzy clustering algorithm for emergency severity assessment is established. The evaluation results are rationally optimized according to the generalized Euclidean distances of the cluster centers and cluster microcluster weights, and the severity grade of cluster supply chain emergency is dynamically evaluated. The experimental results show that the proposed algorithm improves the clustering accuracy and reduces the operation time, as well as can provide more accurate theoretical support for the early warning decision of cluster supply chain emergency.
Sinclair, Dara, Shahriar, Hossain, Zhang, Chi.  2019.  Security Requirement Prototyping with Hyperledger Composer for Drug Supply Chain: A Blockchain Application. Proceedings of the 3rd International Conference on Cryptography, Security and Privacy. :158–163.
Blockchain may have a potential to prove its value for the new US FDA regulatory requirements defined in the Drug Supply Chain Security Act (DSCSA) as innovative solutions are needed to support the highly complex pharmaceutical industry supply chain as it seeks to comply. In this paper, we examine how blockchain can be applied to meet with the security compliance requirement for the pharmaceutical supply chain. We explore the online playground of Hyperledger Composer, a set of tools for building blockchain business networks, to model the data and access control rules for the drug supply chain. Our experiment shows that this solution can provide a prototyping opportunity for compliance checking with certain limitations.
Shamsi, Kaveh, Li, Meng, Plaks, Kenneth, Fazzari, Saverio, Pan, David Z., Jin, Yier.  2019.  IP Protection and Supply Chain Security through Logic Obfuscation: A Systematic Overview. ACM Transactions on Design Automation of Electronic Systems (TODAES). 24:65:1-65:36.
The globalization of the semiconductor supply chain introduces ever-increasing security and privacy risks. Two major concerns are IP theft through reverse engineering and malicious modification of the design. The latter concern in part relies on successful reverse engineering of the design as well. IC camouflaging and logic locking are two of the techniques under research that can thwart reverse engineering by end-users or foundries. However, developing low overhead locking/camouflaging schemes that can resist the ever-evolving state-of-the-art attacks has been a challenge for several years. This article provides a comprehensive review of the state of the art with respect to locking/camouflaging techniques. We start by defining a systematic threat model for these techniques and discuss how various real-world scenarios relate to each threat model. We then discuss the evolution of generic algorithmic attacks under each threat model eventually leading to the strongest existing attacks. The article then systematizes defences and along the way discusses attacks that are more specific to certain kinds of locking/camouflaging. The article then concludes by discussing open problems and future directions.
Sekine, Junko, Campos-Náñnez, Enrique, Harrald, John R., Abeledo, Hernán.  2006.  A Simulation-Based Approach to Trade-off Analysis of Port Security. Proceedings of the 38th Conference on Winter Simulation. :521–528.
Motivated by the September 11 attacks, we are addressing the problem of policy analysis of supply-chain security. Considering the potential economic and operational impacts of inspection together with the inherent difficulty of assigning a reasonable cost to an inspection failure call for a policy analysis methodology in which stakeholders can understand the trade-offs between the diverse and potentially conflicting objectives. To obtain this information, we used a simulation-based methodology to characterize the set of Pareto optimal solutions with respect to the multiple objectives represented in the decision problem. Our methodology relies on simulation and the response surface method (RSM) to model the relationships between inspection policies and relevant stakeholder objectives in order to construct a set of Pareto optimal solutions. The approach is illustrated with an application to a real-world supply chain.
Salamai, Abdullah, Hussain, Omar, Saberi, Morteza.  2019.  Decision Support System for Risk Assessment Using Fuzzy Inference in Supply Chain Big Data. 2019 International Conference on High Performance Big Data and Intelligent Systems (HPBD IS). :248–253.
Currently, organisations find it difficult to design a Decision Support System (DSS) that can predict various operational risks, such as financial and quality issues, with operational risks responsible for significant economic losses and damage to an organisation's reputation in the market. This paper proposes a new DSS for risk assessment, called the Fuzzy Inference DSS (FIDSS) mechanism, which uses fuzzy inference methods based on an organisation's big data collection. It includes the Emerging Association Patterns (EAP) technique that identifies the important features of each risk event. Then, the Mamdani fuzzy inference technique and several membership functions are evaluated using the firm's data sources. The FIDSS mechanism can enhance an organisation's decision-making processes by quantifying the severity of a risk as low, medium or high. When it automatically predicts a medium or high level, it assists organisations in taking further actions that reduce this severity level.
Nakamura, Emilio, Ribeiro, Sérgio.  2019.  Risk-Based Attributed Access Control Modelling in a Health Platform: Results from Project CityZen. 2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). :391–398.
This paper presents an access control modelling that integrates risk assessment elements in the attribute-based model to organize the identification, authentication and authorization rules. Access control is complex in integrated systems, which have different actors accessing different information in multiple levels. In addition, systems are composed by different components, much of them from different developers. This requires a complete supply chain trust to protect the many existent actors, their privacy and the entire ecosystem. The incorporation of the risk assessment element introduces additional variables like the current environment of the subjects and objects, time of the day and other variables to help produce more efficient and effective decisions in terms of granting access to specific objects. The risk-based attributed access control modelling was applied in a health platform, Project CityZen.
Akinrolabu, Olusola, New, Steve, Martin, Andrew.  2019.  Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study. 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :81–88.
Cloud computing is widely believed to be the future of computing. It has grown from being a promising idea to one of the fastest research and development paradigms of the computing industry. However, security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. Likewise, the attributes of the cloud such as multi-tenancy, dynamic supply chain, limited visibility of security controls and system complexity, have exacerbated the challenge of assessing cloud risks. In this paper, we conduct a real-world case study to validate the use of a supply chaininclusive risk assessment model in assessing the risks of a multicloud SaaS application. Using the components of the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, we show how the model enables cloud service providers (CSPs) to identify critical suppliers, map their supply chain, identify weak security spots within the chain, and analyse the risk of the SaaS application, while also presenting the value of the risk in monetary terms. A key novelty of the CSCCRA model is that it caters for the complexities involved in the delivery of SaaS applications and adapts to the dynamic nature of the cloud, enabling CSPs to conduct risk assessments at a higher frequency, in response to a change in the supply chain.
Zhang, Yiming, Fan, Yujie, Song, Wei, Hou, Shifu, Ye, Yanfang, Li, Xin, Zhao, Liang, Shi, Chuan, Wang, Jiabin, Xiong, Qi.  2019.  Your Style Your Identity: Leveraging Writing and Photography Styles for Drug Trafficker Identification in Darknet Markets over Attributed Heterogeneous Information Network. The World Wide Web Conference. :3448–3454.
Due to its anonymity, there has been a dramatic growth of underground drug markets hosted in the darknet (e.g., Dream Market and Valhalla). To combat drug trafficking (a.k.a. illicit drug trading) in the cyberspace, there is an urgent need for automatic analysis of participants in darknet markets. However, one of the key challenges is that drug traffickers (i.e., vendors) may maintain multiple accounts across different markets or within the same market. To address this issue, in this paper, we propose and develop an intelligent system named uStyle-uID leveraging both writing and photography styles for drug trafficker identification at the first attempt. At the core of uStyle-uID is an attributed heterogeneous information network (AHIN) which elegantly integrates both writing and photography styles along with the text and photo contents, as well as other supporting attributes (i.e., trafficker and drug information) and various kinds of relations. Built on the constructed AHIN, to efficiently measure the relatedness over nodes (i.e., traffickers) in the constructed AHIN, we propose a new network embedding model Vendor2Vec to learn the low-dimensional representations for the nodes in AHIN, which leverages complementary attribute information attached in the nodes to guide the meta-path based random walk for path instances sampling. After that, we devise a learning model named vIdentifier to classify if a given pair of traffickers are the same individual. Comprehensive experiments on the data collections from four different darknet markets are conducted to validate the effectiveness of uStyle-uID which integrates our proposed method in drug trafficker identification by comparisons with alternative approaches.
Yao, Yuanshun, Li, Huiying, Zheng, Haitao, Zhao, Ben Y..  2019.  Latent Backdoor Attacks on Deep Neural Networks. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. :2041–2055.
Recent work proposed the concept of backdoor attacks on deep neural networks (DNNs), where misclassification rules are hidden inside normal models, only to be triggered by very specific inputs. However, these "traditional" backdoors assume a context where users train their own models from scratch, which rarely occurs in practice. Instead, users typically customize "Teacher" models already pretrained by providers like Google, through a process called transfer learning. This customization process introduces significant changes to models and disrupts hidden backdoors, greatly reducing the actual impact of backdoors in practice. In this paper, we describe latent backdoors, a more powerful and stealthy variant of backdoor attacks that functions under transfer learning. Latent backdoors are incomplete backdoors embedded into a "Teacher" model, and automatically inherited by multiple "Student" models through transfer learning. If any Student models include the label targeted by the backdoor, then its customization process completes the backdoor and makes it active. We show that latent backdoors can be quite effective in a variety of application contexts, and validate its practicality through real-world attacks against traffic sign recognition, iris identification of volunteers, and facial recognition of public figures (politicians). Finally, we evaluate 4 potential defenses, and find that only one is effective in disrupting latent backdoors, but might incur a cost in classification accuracy as tradeoff.
Teodorescu, Horia-Nicolai, Bolea, Speranta Cecilia.  2019.  Text Sectioning Based on Stylometric Distances. 2019 International Conference on Speech Technology and Human-Computer Dialogue (SpeD). :1–6.
This article continues the stylometric study started in a previous one; we focus on stylometric distances between text segments and the use of these distances in text sectioning based on maximizing the distances between text parts. We refine the method previously introduced and improve on the results. Applications include the automation of stylistic analysis of texts, with implication on text summarization, historical analysis, and authorship analysis.
Tang, Xuemei, Liang, Shichen, Liu, Zhiying.  2019.  Authorship Attribution of The Golden Lotus Based on Text Classification Methods. Proceedings of the 2019 3rd International Conference on Innovation in Artificial Intelligence. :69–72.
In this paper, we explore the authorship attribution of The Golden Lotus using the traditional machine learning method of text classification. There are four candidate authors: Shizhen Wang, Wei Xu, Kaixian Li and Zhideng Wang. We choose The Golden Lotus's poems and four candidate authors' poems as data set. According to the characteristics of Chinese ancient poem, we choose Chinese character, rhyme, genre and overlapped word as features. We use six supervised machine learning algorithms, including Logistic Regression, Random Forests, Decision Tree and Naive Bayes, SVM and KNN classifiers respectively for text binary classification and multi-classification. According to two experiments results, the style of writing of Wei Xu's poems is the most similar to that of The Golden Lotus. It is proved that among four authors, Wei Xu most likely be the author of The Golden Lotus.
Pascucci, Antonio, Masucci, Vincenzo, Monti, Johanna.  2019.  Computational Stylometry and Machine Learning for Gender and Age Detection in Cyberbullying Texts. 2019 8th International Conference on Affective Computing and Intelligent Interaction Workshops and Demos (ACIIW). :1–6.
The aim of this paper is to show the importance of Computational Stylometry (CS) and Machine Learning (ML) support in author's gender and age detection in cyberbullying texts. We developed a cyberbullying detection platform and we show the results of performances in terms of Precision, Recall and F -Measure for gender and age detection in cyberbullying texts we collected.
Matyukhina, Alina, Stakhanova, Natalia, Dalla Preda, Mila, Perley, Celine.  2019.  Adversarial Authorship Attribution in Open-Source Projects. Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy. :291–302.
Open-source software is open to anyone by design, whether it is a community of developers, hackers or malicious users. Authors of open-source software typically hide their identity through nicknames and avatars. However, they have no protection against authorship attribution techniques that are able to create software author profiles just by analyzing software characteristics. In this paper we present an author imitation attack that allows to deceive current authorship attribution systems and mimic a coding style of a target developer. Withing this context we explore the potential of the existing attribution techniques to be deceived. Our results show that we are able to imitate the coding style of the developers based on the data collected from the popular source code repository, GitHub. To subvert author imitation attack, we propose a novel author obfuscation approach that allows us to hide the coding style of the author. Unlike existing obfuscation tools, this new obfuscation technique uses transformations that preserve code readability. We assess the effectiveness of our attacks on several datasets produced by actual developers from GitHub, and participants of the GoogleCodeJam competition. Throughout our experiments we show that the author hiding can be achieved by making sensible transformations which significantly reduce the likelihood of identifying the author's style to 0% by current authorship attribution systems.
Gröndahl, Tommi, Asokan, N..  2019.  Text Analysis in Adversarial Settings: Does Deception Leave a Stylistic Trace? ACM Computing Surveys (CSUR). 52:45:1-45:36.
Textual deception constitutes a major problem for online security. Many studies have argued that deceptiveness leaves traces in writing style, which could be detected using text classification techniques. By conducting an extensive literature review of existing empirical work, we demonstrate that while certain linguistic features have been indicative of deception in certain corpora, they fail to generalize across divergent semantic domains. We suggest that deceptiveness as such leaves no content-invariant stylistic trace, and textual similarity measures provide a superior means of classifying texts as potentially deceptive. Additionally, we discuss forms of deception beyond semantic content, focusing on hiding author identity by writing style obfuscation. Surveying the literature on both author identification and obfuscation techniques, we conclude that current style transformation methods fail to achieve reliable obfuscation while simultaneously ensuring semantic faithfulness to the original text. We propose that future work in style transformation should pay particular attention to disallowing semantically drastic changes.
Farag, Nadine, El-Seoud, Samir Abou, McKee, Gerard, Hassan, Ghada.  2019.  Bullying Hurts: A Survey on Non-Supervised Techniques for Cyber-Bullying Detection. Proceedings of the 2019 8th International Conference on Software and Information Engineering. :85–90.
The contemporary period is scarred by the predominant place of social media in everyday life. Despite social media being a useful tool for communication and social gathering it also offers opportunities for harmful criminal activities. One of these activities is cyber-bullying enabled through the abuse and mistreatment of the internet as a means of bullying others virtually. As a way of minimising this occurrence, research into computer-based researched is carried out to detect cyber-bullying by the scientific research community. An extensive literature search shows that supervised learning techniques are the most commonly used methods for cyber-bullying detection. However, some non-supervised techniques and other approaches have proven to be effective towards cyber-bullying detection. This paper, therefore, surveys recent research on non-supervised techniques and offers some suggestions for future research in textual-based cyber-bullying detection including detecting roles, detecting emotional state, automated annotation and stylometric methods.
Altamimi, Abdulaziz, Clarke, Nathan, Furnell, Steven, Li, Fudong.  2019.  Multi-Platform Authorship Verification. Proceedings of the Third Central European Cybersecurity Conference. :1–7.
At the present time, there has been a rapid increase in the variety and popularity of messaging systems such as social network messaging, text messages, email and Twitter, with users frequently exchanging messages across various platforms. Unfortunately, in amongst the legitimate messages, there is a host of illegitimate and inappropriate content - with cyber stalking, trolling and computerassisted crime all taking place. Therefore, there is a need to identify individuals using messaging systems. Stylometry is the study of linguistic features in a text which consists of verifying an author based on his writing style that consists of checking whether a target text was written or not by a specific individual author. Whilst much research has taken place within authorship verification, studies have focused upon singular platforms, often had limited datasets and restricted methodologies that have meant it is difficult to appreciate the real-world value of the approach. This paper seeks to overcome these limitations through providing an analysis of authorship verification across four common messaging systems. This approach enables a direct comparison of recognition performance and provides a basis for analyzing the feature vectors across platforms to better understand what aspects each capitalize upon in order to achieve good classification. The experiments also include an investigation into the feature vector creation, utilizing population and user-based techniques to compare and contrast performance. The experiment involved 50 participants across four common platforms with a total 13,617; 106,359; 4,539; and 6,540 samples for Twitter, SMS, Facebook, and Email achieving an Equal Error Rate (EER) of 20.16%, 7.97%, 25% and 13.11% respectively.
Zhi, Li, Yanzhu, Liu, Di, Liu, Nan, Zhang, Xueying, Ding, Yuanyuan, Liu.  2019.  A Hypergraph-Based Key Management Scheme for Smart Charging Networking. 2019 Chinese Control And Decision Conference (CCDC). :4904–4908.

In this article, to deal with data security requirements of electric vehicle users, a key management scheme for smart charging has been studied. According to the characteristics of the network, three elements and a two-subnetwork model between the charging and the electric vehicle users have been designed. Based on the hypergraph theory, the hypergraph structure of the smart charging network is proposed. And the key management scheme SCHKM is designed to satisfy the operational and security requirements of this structure. The efficiency of SCHKM scheme is analyzed from the cost experiment of key generation and key storage. The experimental results show that compared with the LKH, OFT and GKMP, the proposed key management scheme has obvious advantages in multi-user and key generation cost.

Takahashi, Ririka, Tanizawa, Yoshimichi, Dixon, Alexander.  2019.  A High-Speed Key Management Method for Quantum Key Distribution Network. 2019 Eleventh International Conference on Ubiquitous and Future Networks (ICUFN). :437–442.

Quantum Key Distribution (QKD) is a technique for sharing encryption keys between two adjacent nodes. It provides unconditional secure communication based on the laws of physics. From the viewpoint of network research, QKD is considered to be a component for providing secure communication in network systems. A QKD network enables each node to exchange encryption keys with arbitrary nodes. However previous research did not focus on the processing speed of the key management method essential for a QKD network. This paper focuses on the key management method assuming a high-speed QKD system for which we clarify the design, propose a high-speed method, and evaluate the throughput. The proposed method consists of four modules: (1) local key manager handling the keys generated by QKD, (2) one-time pad tunnel manager establishing the transparent encryption link, (3) global key manager generating the keys for application communication, and (4) web API providing keys to the application. The proposed method was implemented in software and evaluated by emulating QKD key generation and application key consumption. The evaluation result reveals that it is capable of handling the encryption keys at a speed of 414 Mb/s, 185 Mb/s, 85 Mb/s and 971 Mb/s, for local key manager, one-time pad tunnel manager, global key manager and web API, respectively. These are sufficient for integration with a high-speed QKD system. Furthermore, the method allows the high-speed QKD system consisting of two nodes to expand corresponding to the size of the QKD network without losing the speed advantage.

Shang, Chengya, Bao, Xianqiang, Fu, Lijun, Xia, Li, Xu, Xinghua, Xu, Chengcheng.  2019.  A Novel Key-Value Based Real-Time Data Management Framework for Ship Integrated Power Cyber-Physical System. 2019 IEEE Innovative Smart Grid Technologies - Asia (ISGT Asia). :854–858.
The new generation ship integrated power system (IPS) realizes high level informatization for various physical equipments, and gradually develops to a cyber-physical system (CPS). The future trend is collecting ship big data to achieve data-driven intelligence for IPS. However, traditional relational data management framework becomes inefficient to handle the real-time data processing in ship integrated power cyber-physics system. In order to process the large-scale real-time data that collected from numerous sensors by field bus of IPS devices within acceptable latency, especially for handling the semi-structured and non-structured data. This paper proposes a novel key-value data model based real-time data management framework, which enables batch processing and distributed deployment to acquire time-efficiency as well as system scalable. We implement a real-time data management prototype system based on an open source in-memory key-value store. Finally, the evaluation results from the prototype verify the advantages of novel framework compared with traditional solution.
Ma, Mingxin, Yang, Xiaotong, Shi, Guozhen, Li, Fenghua.  2019.  Enhanced Blockchain Based Key Management Scheme against Key Exposure Attack. Proceedings of the International Conference on Artificial Intelligence, Information Processing and Cloud Computing. :1–6.

The data collected by IoT devices is of great value, which makes people urgently need a secure device key management strategy to protect their data. Existing works introduce the blockchain technology to transfer the responsibility of key management from the trusted center in the traditional key management strategy to the devices, thus eliminating the trust crisis caused by excessive dependence on third parties. However, the lightweight implementation of IoT devices limits the ability to resist side channel attacks, causing the private key to be exposed and subject to masquerading attacks. Accordingly, we strengthen the original blockchain based key management scheme to defend against key exposure attack. On the one hand, we introduce two hash functions to bind transactions in the blockchain to legitimate users. On the other hand, we design a secure key exchange protocol for identifying and exchanging access keys between legitimate users. Security analysis and performance show that the proposed scheme improves the robustness of the network with small storage and communication overhead increments.

Lee, Tian-Fu, Liu, Chuan-Ming.  2019.  An Efficient Date-Constraint Hierarchical Key Management Scheme with Fast Key Validation Checking for Mobile Agents in E-Medicine System. Proceedings of the Third International Conference on Medical and Health Informatics 2019. :172–177.

A hierarchical key management scheme for mobile agents in e-medicine system enables users, such as patients, doctors, nurses and health visitors, to conveniently and securely access a remote hierarchical medical database system via public networks. Efficient hierarchical key management schemes do not require heavy computations even if the hierarchical structure has too many levels and participants. Chen et al. recently developed a hierarchical key management scheme with date-constraint for mobile agents. The key management scheme of Chen et al. is based the Elliptic Curve Cryptosystem and allows each secret key to be partnered with a validity period by using one-way hash chains. However, the scheme of Chen et al. fails to execute correctly, violates authenticated key security, and requires hundreds of hash functional operations. This investigation discusses these limitations, and proposes an efficient date-constraint hierarchical key management scheme for mobile agents in e-medicine system, which provides a fast key validation and expiration check phase to rapidly check whether the secret keys are valid and time-expired or not. The proposed key management scheme not only provides more security properties and rapidly checks the validation of secret keys, but also reduces the computational cost..

Jarecki, Stanislaw, Krawczyk, Hugo, Resch, Jason.  2019.  Updatable Oblivious Key Management for Storage Systems. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. :379–393.

We introduce Oblivious Key Management Systems (KMS) as a much more secure alternative to traditional wrapping-based KMS that form the backbone of key management in large-scale data storage deployments. The new system, that builds on Oblivious Pseudorandom Functions (OPRF), hides keys and object identifiers from the KMS, offers unconditional security for key transport, provides key verifiability, reduces storage, and more. Further, we show how to provide all these features in a distributed threshold implementation that enhances protection against server compromise. We extend this system with updatable encryption capability that supports key updates (known as key rotation) so that upon the periodic change of OPRF keys by the KMS server, a very efficient update procedure allows a client of the KMS service to non-interactively update all its encrypted data to be decryptable only by the new key. This enhances security with forward and post-compromise security, namely, security against future and past compromises, respectively, of the client's OPRF keys held by the KMS. Additionally, and in contrast to traditional KMS, our solution supports public key encryption and dispenses with any interaction with the KMS for data encryption (only decryption by the client requires such communication). Our solutions build on recent work on updatable encryption but with significant enhancements applicable to the remote KMS setting. In addition to the critical security improvements, our designs are highly efficient and ready for use in practice. We report on experimental implementation and performance.